Solar Cloud API
Security checks across malware telemetry and agentic risk
Overview
This is a straightforward Solax Cloud summary fetcher with expected API credential use and no evidence of hidden, destructive, or persistent behavior.
Install only if you are comfortable giving the skill a Solax API token and inverter serial number to retrieve energy summary data. Prefer environment variables over CLI arguments for the token, treat the serial number and output as private, and consider locking or reviewing the npm dependency before use.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.